pool/openssl-3
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity
Files
factory
openssl-3/openssl-CVE-2025-15467-test.patch
Pedro Monreal Gonzalez b0d78d2994 - Security fixes: 
* Missing ASN1_TYPE validation in PKCS#12 parsing
    - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
    - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
    - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
    - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
    - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
  * TLS 1.3 CompressedCertificate excessive memory allocation
    - openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
    - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
    - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
    - openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
  * Stack buffer overflow in CMS AuthEnvelopedData parsing
    - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
    - openssl-CVE-2025-15467-comments.patch
    - openssl-CVE-2025-15467-test.patch
  * Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
    - openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
  * NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
    - openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]

- Security fix: [bsc#1250232 CVE-2025-9230]

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=160
2026-02-19 15:28:42 +00:00

123 lines
4.3 KiB
Diff
Raw Permalink Blame History

From 1e8f5c7cd2c46b25a2877e8f3f4bbf954fbcdf77 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Sun, 11 Jan 2026 11:35:15 +0100
Subject: [PATCH] Test for handling of AEAD-encrypted CMS with inadmissibly
long IV
---
test/cmsapitest.c | 39 ++++++++++++++++++-
test/recipes/80-test_cmsapi.t | 3 +-
.../encDataWithTooLongIV.pem | 11 ++++++
3 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
Index: openssl-3.5.0/test/cmsapitest.c
===================================================================
--- openssl-3.5.0.orig/test/cmsapitest.c
+++ openssl-3.5.0/test/cmsapitest.c
@@ -9,10 +9,10 @@
#include <string.h>
+#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
-#include <openssl/pem.h>
#include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */
#include "testutil.h"
@@ -20,6 +20,7 @@
static X509 *cert = NULL;
static EVP_PKEY *privkey = NULL;
static char *derin = NULL;
+static char *too_long_iv_cms_in = NULL;
static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
{
@@ -385,6 +386,38 @@ end:
return ret;
}
+static int test_cms_aesgcm_iv_too_long(void)
+{
+ int ret = 0;
+ BIO *cmsbio = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ unsigned long err = 0;
+
+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
+ goto end;
+
+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
+ goto end;
+
+ /* Must fail cleanly (no crash) */
+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
+ goto end;
+ err = ERR_peek_last_error();
+ if (!TEST_ulong_ne(err, 0))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
+ goto end;
+
+ ret = 1;
+end:
+ CMS_ContentInfo_free(cms);
+ BIO_free(cmsbio);
+ BIO_free(out);
+ return ret;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
int setup_tests(void)
@@ -399,7 +432,8 @@ int setup_tests(void)
if (!TEST_ptr(certin = test_get_argument(0))
|| !TEST_ptr(privkeyin = test_get_argument(1))
- || !TEST_ptr(derin = test_get_argument(2)))
+ || !TEST_ptr(derin = test_get_argument(2))
+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
return 0;
certbio = BIO_new_file(certin, "r");
@@ -432,6 +466,7 @@ int setup_tests(void)
ADD_TEST(test_CMS_add1_cert);
ADD_TEST(test_d2i_CMS_bio_NULL);
ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
+ ADD_TEST(test_cms_aesgcm_iv_too_long);
return 1;
}
Index: openssl-3.5.0/test/recipes/80-test_cmsapi.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_cmsapi.t
+++ openssl-3.5.0/test/recipes/80-test_cmsapi.t
@@ -18,5 +18,6 @@ plan tests => 1;
ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
srctop_file("test", "certs", "serverkey.pem"),
- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
"running cmsapitest");
Index: openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
===================================================================
--- /dev/null
+++ openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
@@ -0,0 +1,11 @@
+-----BEGIN CMS-----
+MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G
+A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V
+b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV
+NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd
+sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2
+CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu
+GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P
+AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl
+paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO
+-----END CMS-----
Reference in New Issue View Git Blame Copy Permalink